Search Results (Refine Search)
- CPE Product Version: cpe:/o:opensuse:opensuse:12.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0779 |
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Published: February 19, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0778 |
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Published: February 19, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0777 |
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Published: February 19, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0776 |
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. Published: February 19, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-0775 |
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. Published: February 19, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0774 |
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. Published: February 19, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-0773 |
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. Published: February 19, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0772 |
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. Published: February 19, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-0765 |
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Published: February 19, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-6075 |
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Published: February 12, 2013; 8:55:03 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0170 |
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. Published: February 08, 2013; 3:55:01 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-5656 |
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. Published: January 18, 2013; 6:48:40 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2013-0420 |
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary." Published: January 16, 2013; 8:55:06 PM -0500 |
V3.x:(not available) V2.0: 2.4 LOW |
CVE-2013-0837 |
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. Published: January 15, 2013; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-0836 |
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code. Published: January 15, 2013; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-0835 |
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. Published: January 15, 2013; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-0834 |
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs. Published: January 15, 2013; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-0833 |
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. Published: January 15, 2013; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-0832 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. Published: January 15, 2013; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-0831 |
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process. Published: January 15, 2013; 4:55:01 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |